Monday 1 February 2010 (Keywords: Forensics, log2timeline)
The main purpose of log2timeline is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a body file that can be used to create a timeline, using tools such as mactime from TSK, for forensic investigators. A GUI has been written in Perl-GTK2 for creating the timeline. Since the GUI is written in GTK2 it will not work on every OS. It has been tested to work on Linux (tested on Ubuntu) as well as on Mac OS X (tested on Mac OS X 10.5 and 10.6 with X11 installed and MacPorts used to install the dependencies).
Changelog
[CHROME input] Added a new input module for Chrome browser history
[OPERA input] Added a new input module for Opera history files (both DIRECT and GLOBAL history files)
[CEF output] Added an output module for the Common Event Format (CEF)
[FIREFOX BOOKMARK] Added a new input module for Firefox bookmark file
[EVTX] Added a new input module for Windows Event Log files (EVTX) for Windows Vista and Win 7, based on the EvtxParser libraries by Andreas Schuster
Current Input Modules
log2timeline currently supports parsing the following formats:
Google Chrome history
Windows Event Log files (EVT)
Windows Event Log files (EVTX)
EXIF. Extracts EXIF metadata from various media files
Firefox bookmarks
Firefox 3 history
Internet Explorer history files, parsing index.dat files
Windows IIS W3C log files
ISA server text export. Copy query results to clipboard and into a text file
Mactime body files (to provide an easy method to modify from mactime format to some other)
Opera Global and Direct browser history
OpenXML metadata, for metadata extraction from Office 2007 documents
PCAP files, parsing network dump files created by tools such as Wireshark and tcpdump
Windows Prefetch directory
Windows Recycle Bin (INFO2 or I$)
Windows Restore Points
Windows XP SetupAPI.log file
Adobe Local Shared Object files (SOL/LSO), aka Flash Cookies
Squid Access Logs (httpd_emulate off)
TLN (timeline) body files
UserAssist key of the Windows registry
Windows Shortcut files (LNK)
Windows XP Firewall Log files (W3C format)
Current Output Modules
log2timeline currently supports exporting the timeline into the following formats:
CEF. Common Event Format as described by ArcSight
CFTL. An XML file that can be read by CyberForensics TimeLab (for timeline visualization)
CSV. Dump the timeline in a comma separated value file (CSV) to easily import it into spreadsheet or use with scripts
Mactime. Both the older and the newer version of the format are supported, for use by TSK's mactime
SIMILE. An XML file that can be read by a SIMILE timeline widget for timeline visualization
SQLite. Dump the timeline into a SQLite database, that can be read by possible future visualization tools
TLN. Timeline format that is used by some of H. Carvey's tools
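To make concrete what the tool does (parse a log, normalise each entry to an epoch timestamp and a description, then emit it in a body format a timeline tool can sort), here is an added example. It is not log2timeline's code, and it only covers two of the formats listed above: a Squid access log in native format (httpd_emulate off) and a Windows XP firewall log in W3C format, both constructed sample input. The mactime output follows the TSK 3.x body layout (MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime) and the TLN output the Time|Source|Host|User|Description layout; the source tags SQUID and XPFW, the host name and the choice to treat the firewall's local time as UTC are assumptions of the example.

```python
from datetime import datetime, timezone

# Constructed sample input (not real logs): a Squid access.log in native
# format (httpd_emulate off) and a Windows XP firewall log in W3C format.
SQUID_LOG = """\
1264982400.123    245 192.168.1.10 TCP_MISS/200 1024 GET http://example.com/index.html - DIRECT/203.0.113.5 text/html
1264982470.001     12 192.168.1.11 TCP_HIT/200 512 GET http://example.com/logo.png - NONE/- image/png
"""

XPFW_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2010-02-01 00:01:05 DROP TCP 10.0.0.5 10.0.0.7 49152 445 48 S 123456 0 65535 - - - RECEIVE
2010-02-01 00:02:10 OPEN UDP 10.0.0.7 10.0.0.1 53212 53 0 - - - - - - - -
"""


def parse_squid(text):
    """Yield (epoch, source, description) for each Squid native-format line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated line: skip rather than crash
        epoch = int(float(fields[0]))  # first column is seconds.milliseconds
        client, status, size, method, url = fields[2], fields[3], fields[4], fields[5], fields[6]
        yield epoch, "SQUID", f"{client} {method} {url} [{status}] size={size}"


def parse_xp_firewall(text):
    """Yield (epoch, source, description) for a W3C-format XP firewall log.

    Column names are taken from the #Fields: header, so a log with reordered
    columns still parses correctly.
    """
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue  # other directives and blank lines
        if fields is None:
            raise ValueError("data line before #Fields: header")
        rec = dict(zip(fields, line.split()))
        # Assumption for the example: the log's local time is treated as UTC.
        # A real tool would apply the suspect host's time zone here.
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        epoch = int(ts.replace(tzinfo=timezone.utc).timestamp())
        desc = (f"{rec['action']} {rec['protocol']} {rec['src-ip']}:{rec['src-port']} -> "
                f"{rec['dst-ip']}:{rec['dst-port']} ({rec['path']})")
        yield epoch, "XPFW", desc


def build_timeline(*event_iterables):
    """Merge events from every parser and sort them by time, as mactime would."""
    events = [e for it in event_iterables for e in it]
    return sorted(events, key=lambda e: e[0])


def to_mactime_body(events):
    """TSK 3.x body format: MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime.

    A log event has a single time, so it is written into all four time columns.
    """
    rows = []
    for epoch, source, desc in events:
        name = f"[{source}] {desc}".replace("|", "/")  # '|' is the field separator
        rows.append(f"0|{name}|0|0|0|0|0|{epoch}|{epoch}|{epoch}|{epoch}")
    return rows


def to_tln(events, host="-", user="-"):
    """TLN format: Time|Source|Host|User|Description."""
    return [f"{epoch}|{source}|{host}|{user}|{desc}" for epoch, source, desc in events]


if __name__ == "__main__":
    timeline = build_timeline(parse_squid(SQUID_LOG), parse_xp_firewall(XPFW_LOG))
    print("\n".join(to_mactime_body(timeline)))  # feed to: mactime -b body.txt
    print("\n".join(to_tln(timeline, host="WS-01")))
```

The point of the body file is that every artifact, whatever its native layout, ends up as one row with epoch timestamps, so events from a proxy and from a host firewall interleave correctly once sorted. Note the time-zone handling: log2timeline's inputs are a mix of UTC (Squid's epoch) and local-time (the XP firewall's "Time Format: Local") sources, and a timeline is only as good as the zone correction applied to the local-time ones.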
Update Submitted by Kristinn Gudjonsson (the author of log2timeline)
POSTSCRIPTUM
COMPLIANCE MANDATES
Forensics : PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
*Shared Hosting Providers Only